Overview

The mod_mpm_itk Apache module causes the Apache process to switch to the domain owner's user identifier (UID) and group identifier (GID) before it responds to the request. This allows each user to isolate their files from others with the standard file permission settings.

Note:

To query all of the SETUID and SETGID values on a server, run the following command:

find / -type f \( -perm -04000 -o -perm -02000 \) \-exec ls -lg {} \;

Usage

Use this module only if you run modules that do not require thread-aware code.

Requirements

We strongly recommend that you only install the mod_mpm_itk Apache module on a system that runs CentOS 7 with Secure Computing Mode (seccomp v2) enabled in the kernel. The mod_mpm_itk Apache module will run on CentOS 6, but will not be as secure.

setuid() and setgid() restrictions

The MPM ITK Apache module implements restrictions on the use of the setuid() function and the setgid() function. As a result, scripts that depend on these functions may encounter problems. This includes scripts that use the mail() function, the shell_exec function, or the sudo command.

You can resolve these restrictions with one of the following methods:

Do not use the MPM ITK Apache module.

Update your script to no longer require escalated privileges.

Turn off the security and allow users to execute scripts as the root user. You can allow users with a UID or GID between 0 and 4294496296 to bypass security if you add the following code to your /etc/apache2/conf.d/includes/pre_virtualhost_global.conf file.

How to install or uninstall mod_mpm_itk

In the interface

The easiest way to install or uninstall the mod_mpm_itk Apache module is with WHM's EasyApache 4 interface (WHM >> Home >> Software >> EasyApache 4).

On the command line

Install the module

You must manually uninstall MPM Worker and install MPM Prefork in order for the MPM ITK module work correctly. You must perform the following steps on the command line before you install the MPM ITK module:

cPanel, WebHost Manager, and WHM are registered trademarks of cPanel, Inc. for providing its computer software that facilitates the management and configuration of Internet web servers. ®2018 All rights reserved.